[ Index ] |
PHP Cross Reference of phpwcms V1.4.7 _r403 (01.11.10) |
[Summary view] [Print] [Text view]
1 <?php 2 /************************************************************************************* 3 Copyright notice 4 5 (c) 2002-2010 Oliver Georgi (oliver@phpwcms.de) // All rights reserved. 6 7 This script is part of PHPWCMS. The PHPWCMS web content management system is 8 free software; you can redistribute it and/or modify it under the terms of 9 the GNU General Public License as published by the Free Software Foundation; 10 either version 2 of the License, or (at your option) any later version. 11 12 The GNU General Public License can be found at http://www.gnu.org/copyleft/gpl.html 13 A copy is found in the textfile GPL.txt and important notices to the license 14 from the author is found in LICENSE.txt distributed with these scripts. 15 16 This script is distributed in the hope that it will be useful, but WITHOUT ANY 17 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A 18 PARTICULAR PURPOSE. See the GNU General Public License for more details. 19 20 This copyright notice MUST APPEAR in all copies of the script! 21 *************************************************************************************/ 22 23 // ---------------------------------------------------------------- 24 // obligate check for phpwcms constants 25 if (!defined('PHPWCMS_ROOT')) { 26 die("You Cannot Access This Script Directly, Have a Nice Day."); 27 } 28 // ---------------------------------------------------------------- 29 30 31 32 //bid 33 34 35 $bid = unserialize($crow["acontent_form"]); 36 37 //first check if period is valid for showing the bid 38 $bid['start_show'] = 0; $bid['end_show'] = 0; 39 if(($bid['start_date'] && $bid['start_date'] < time()) || !$bid['start_date']) $bid['start_show'] = 1; 40 if(($bid['end_date'] && $bid['end_date'] > time()) || !$bid['end_date']) $bid['end_show'] = 1; 41 42 if($bid['start_show'] && $bid['end_show']) { 43 44 //verify or delete given hash 45 if(!(strpos($_SERVER['REQUEST_URI'],'hash=') === false)) { 46 47 if(isset($_GET['hash'])) { 48 $bid['get_hash'] = $_GET['hash']; 49 } else { 50 list($bid['part1'], $bid['get_hash']) = explode('hash=', trim($_SERVER['REQUEST_URI'])); 51 } 52 53 $bid['do'] = strtolower(substr($bid['get_hash'], 0, 1)); 54 $bid['get_hash'] = substr($bid['get_hash'], 1); 55 56 if($bid['do'] == 'v') { 57 //verify bid 58 $bid['sql'] = "UPDATE ".DB_PREPEND."phpwcms_bid SET "; 59 $bid['sql'] .= "bid_verified='1' WHERE bid_hash='".aporeplace($bid['get_hash']); 60 $bid['sql'] .= "' AND bid_verified=0 LIMIT 1;"; 61 $bid['form'] = $bid['verified']; 62 } 63 if($bid['do'] == 'd') { 64 //delete bid 65 $bid['sql'] = "DELETE FROM ".DB_PREPEND."phpwcms_bid "; 66 $bid['sql'] .= "WHERE bid_hash='".aporeplace($bid['get_hash'])."' LIMIT 1;"; 67 $bid['form'] = $bid['notverified']; 68 } 69 mysql_query($bid['sql'], $db); 70 71 } 72 73 $CNT_TMP .= headline($crow["acontent_title"], $crow["acontent_subtitle"], $template_default["article"]); 74 $CNT_TMP .= $bid['before']; 75 76 if($bid['start_date']) { 77 $bid['text'] = preg_replace('/###BID_START:(.*?)###/e', "date('$1',\$bid['start_date'])", $bid['text']); 78 } else { 79 $bid['text'] = preg_replace('/###BID_START:(.*?)###/', '∞', $bid['text']); 80 } 81 82 if($bid['end_date']) { 83 $bid['text'] = preg_replace('/###BID_END:(.*?)###/e', "date('$1',\$bid['end_date'])", $bid['text']); 84 } else { 85 $bid['text'] = preg_replace('/###BID_END:(.*?)###/', '∞', $bid['text']); 86 } 87 88 89 //bid form start values 90 $bid['post_email'] = ''; 91 $bid['post_amount'] = $bid['startbid']; 92 $bid['post_error'] = 0; 93 $bid['amount'] = $bid['startbid']; 94 95 // first check for all available related bid entries 96 $bid['sql'] = "SELECT * FROM ".DB_PREPEND."phpwcms_bid WHERE bid_cid="; 97 $bid['sql'] .= $crow["acontent_id"]." AND bid_verified=1 AND bid_trashed=0 ORDER BY bid_amount DESC LIMIT 1"; 98 99 if($bid['result'] = mysql_query($bid['sql'], $db)) { 100 if($bid['row'] = mysql_fetch_assoc($bid['result'])) { 101 if($bid['post_amount'] < $bid['row']['bid_amount']) $bid['post_amount'] = $bid['row']['bid_amount']; 102 $bid['amount'] = $bid['row']['bid_amount']; 103 } 104 if(!$bid['amount']) $bid['amount'] = $bid['startbid']; 105 mysql_free_result($bid['result']); 106 } 107 108 if(isset($_POST['bid_email']) && isset($_POST['bid_amount'])) { 109 110 $bid['post_email'] = clean_slweg(remove_unsecure_rptags($_POST['bid_email'])); 111 $bid['post_amount'] = clean_slweg(remove_unsecure_rptags($_POST['bid_amount'])); 112 $bid['post_amount'] = str_replace('.', '', $bid['post_amount']); 113 $bid['post_amount'] = str_replace(',', '.', $bid['post_amount']); 114 $bid['post_amount'] = floatval($bid['post_amount']); 115 116 117 118 119 if(!is_valid_email($bid['post_email']) || !$bid['post_email']) $bid['post_error'] = 1; 120 if(!$bid['post_amount']) $bid['post_error'] = 1; 121 122 123 if(!$bid['post_error']) { 124 125 $bid['hash'] = md5($bid['post_email'].time()); 126 $bid['sql'] = "INSERT INTO ".DB_PREPEND."phpwcms_bid SET "; 127 $bid['sql'] .= "bid_cid='".$crow["acontent_id"]."', "; 128 $bid['sql'] .= "bid_email='".aporeplace($bid['post_email'])."', "; 129 $bid['sql'] .= "bid_hash='".$bid['hash']."', "; 130 $bid['sql'] .= "bid_amount='".$bid['post_amount']."';"; 131 132 //if(mysql_query($bid['sql'], $db) OR die('<pre>'.$bid['sql'].'</pre>')); 133 mysql_query($bid['sql'], $db); 134 135 //send validation 136 include_once ('include/inc_ext/phpmailer/class.phpmailer.php'); 137 138 $bid_mailer = new PHPMailer(); 139 140 $bid_mailer->SetLanguage('en', 'include/inc_ext/phpmailer/language/'); 141 $bid_mailer->Mailer = $phpwcms['SMTP_MAILER']; 142 $bid_mailer->From = $bid['emailfrom']; 143 $bid_mailer->FromName = $bid['emailfromname']; 144 $bid_mailer->AddAddress($bid['post_email']); 145 $bid_mailer->CharSet = $phpwcms["charset"]; 146 $bid_mailer->Subject = ($crow["acontent_title"]) ? $crow["acontent_title"] : 'bid validation'; 147 148 list($bid["uri"], $bid["query"]) = explode('?', $_SERVER['REQUEST_URI']); 149 $bid['url'] = preg_replace('/\/$/', '', $phpwcms['site']); 150 //$bid['url'] .= ($phpwcms["root"]) ? "/".$phpwcms["root"] : ''; 151 $bid['url'] = preg_replace('/\/$/', '', $bid['url']).$bid["uri"]; 152 153 $bid["delurl"] = ''; 154 if($bid["query"]) $bid["delurl"] = $bid["query"].'&'; 155 $bid["delurl"] = $bid['url'].'?'.$bid["delurl"].'hash=D'.$bid['hash']; 156 157 $bid["verifyurl"] = ''; 158 if($bid["query"]) $bid["verifyurl"] = $bid["query"].'&'; 159 $bid["verifyurl"] = $bid['url'].'?'.$bid["verifyurl"].'hash=V'.$bid['hash']; 160 161 if($bid["query"]) $bid['url'].'?'.$bid["query"]; 162 $bid["emailmsg"] = str_replace('###BID_URL###', $bid['url'], $bid["emailmsg"]); 163 164 $bid["emailmsg"] = str_replace('###VERIFY_LINK###', $bid["verifyurl"], $bid["emailmsg"]); 165 $bid["emailmsg"] = str_replace('###DELETE_LINK###', $bid["delurl"], $bid["emailmsg"]); 166 $bid["emailmsg"] = str_replace('###EMAIL###', $bid['post_email'], $bid["emailmsg"]); 167 168 $bid["emailmsg"] = str_replace('###BID###', number_format($bid['post_amount'], 2, ',', '.'), $bid["emailmsg"]); 169 $bid["emailmsg"] = str_replace('###START_BID###', number_format($bid['startbid'], 2, ',', '.'), $bid["emailmsg"]); 170 171 if($bid['start_date']) { 172 $bid["emailmsg"] = preg_replace('/###BID_START:(.*?)###/e', "date('$1',\$bid['start_date'])", $bid["emailmsg"]); 173 } else { 174 $bid["emailmsg"] = preg_replace('/###BID_START:(.*?)###/', '-', $bid["emailmsg"]); 175 } 176 177 if($bid['end_date']) { 178 $bid["emailmsg"] = preg_replace('/###BID_END:(.*?)###/e', "date('$1',\$bid['end_date'])", $bid["emailmsg"]); 179 } else { 180 $bid["emailmsg"] = preg_replace('/###BID_END:(.*?)###/', '-', $bid["emailmsg"]); 181 } 182 183 $bid_mailer->Body = $bid["emailmsg"]; 184 185 if(strtolower($phpwcms['SMTP_MAILER']) == 'smtp') { 186 $bid_mailer->Port = (!$phpwcms['SMTP_PORT']) ? 25 : $phpwcms['SMTP_PORT']; 187 $bid_mailer->Host = $phpwcms['SMTP_HOST']; 188 $bid_mailer->SMTPAuth = $phpwcms['SMTP_AUTH']; 189 $bid_mailer->Username = $phpwcms['SMTP_USER']; 190 $bid_mailer->Password = $phpwcms['SMTP_PASS']; 191 } 192 193 if(!$bid_mailer->Send()) { 194 $bid['form'] = 'Mail-Error: '.html_specialchars($bid['post_email'].' ('.$bid_mailer->ErrorInfo).')<br>'; 195 } else { 196 $bid['form'] = $bid["sent"]; 197 } 198 199 unset($bid_mailer); 200 } 201 } 202 203 $bid['text'] = str_replace('###BID_CURRENT###', number_format($bid['amount'], 2, ',', '.'), $bid['text']); 204 $bid['text'] = str_replace('###START_BID###', number_format($bid['startbid'], 2, ',', '.'), $bid['text']); 205 206 if($bid['image_cname']) { 207 $bid['image_cname'] = '<img src="'.$phpwcms["content_path"].$phpwcms["cimage_path"].$bid['image_cname'].'" border=0" alt=""###ALIGN### />'; 208 if($bid['image_zoom']) { 209 $open_popup_link = 'image_zoom.php?'.getClickZoomImageParameter($bid['image_prev']); 210 $bid['image_cname'] = '<a href="'.$open_popup_link.'" '. 211 "onclick=\"window.open('".$open_popup_link."','previewpic','width=". 212 $bid['image_prev_info'][0].',height='.$bid['image_prev_info'][1]. 213 "');return false;\">".$bid['image_cname'].'</a>'; 214 } 215 216 preg_match('/###BID_IMG:(.*)###/U', $bid['text'], $match); 217 if(isset($match[1]) && $match[1]) { 218 $match[1] = strtolower(trim($match[1])); 219 if($match[1] == 'center') { 220 $bid['image_cname'] = str_replace('###ALIGN###', '',$bid['image_cname']); 221 $bid['image_cname'] = '<div align="center">'.$bid['image_cname'].'</div>'; 222 } else { 223 $bid['image_cname'] = str_replace('###ALIGN###', ' align="'.$match[1].'"',$bid['image_cname']); 224 } 225 } else { 226 $bid['image_cname'] = str_replace('###ALIGN###', '',$bid['image_cname']); 227 } 228 229 } 230 $bid['text'] = preg_replace('/###BID_IMG:(.*)###/U', $bid['image_cname'], $bid['text']); 231 232 233 if(!$bid['post_error']) { 234 // remove post form error part 235 $bid['form'] = preg_replace("/<!--FORM_ERROR_START-->(.*?)<!--FORM_ERROR_END-->/si", '', $bid['form']); 236 } else { 237 $bid['form'] = preg_replace("/<!--FORM_ERROR_START-->(.*?)<!--FORM_ERROR_END-->/si", '$1', $bid['form']); 238 } 239 240 $bid['form'] = str_replace('name="###BID_EMAIL###"', 'name="bid_email"', $bid['form']); 241 $bid['form'] = str_replace('value="###BID_EMAIL###"', 'value="'.html_specialchars($bid['post_email']).'"', $bid['form']); 242 $bid['form'] = str_replace('name="###BID_AMOUNT###"', 'name="bid_amount"', $bid['form']); 243 244 if(!isset($_POST['bid_email']) || !isset($_POST['bid_amount'])) $bid['post_amount'] += $bid['nextbidadd']; 245 246 $bid['form'] = str_replace('value="###BID_AMOUNT###"', 'value="'.html_specialchars(number_format($bid['post_amount'],2,',','.')).'"', $bid['form']); 247 248 $bid['form'] = '<form name="sendbid" method="post" action="index.php?id="'.implode(',', $aktion).'">'.$bid['form'].'</form>'; 249 $bid['text'] = str_replace('###BID_FORM###', $bid['form'], $bid['text']); 250 251 $CNT_TMP .= $bid['text']; 252 $CNT_TMP .= $bid['after']; 253 254 } 255 256 unset($bid); 257 258 ?>
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
Generated: Tue Nov 16 22:51:00 2010 | Cross-referenced by PHPXref 0.7 |